CVE-2017-0596

Name of the Vulnerable Software and Affected Versions Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1

Description An elevation of privilege issue in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. The vulnerability is related to insufficient access control in the libstagefright service of the Mediaserver application in the Android operating system, which could allow a remote attacker to execute arbitrary code in the context of a privileged process using a local malicious application.

Recommendations For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, consider disabling the libstagefright service in Mediaserver as a temporary workaround until a patch is available. Restrict access to the Mediaserver application to minimize the risk of exploitation. Avoid using the Mediaserver application for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.